
digraph rules {
  compound = true
  edge [arrowhead=open]
  node [shape=box,fontname="sans-serif",fontsize="16"]
  fontname="sans-serif";fontsize="16"
  ranksep = "0.3"
  //concentrate = true
  rankdir = TB
  
  <% unless @users.blank? %>
  {
    rank = source
    node [shape=polygon,style=filled,fillcolor="#eeeeee"]
    <% @users.each do |user| %>
    "<%= user.login %>"
    <% end %>
  }
  <% end %>

  {
    node [shape=ellipse,style=filled]
    <%= @stacked_roles ? '' : "rank = same" %>
    <% @roles.each do |role| %>
    "<%= role.inspect %>" [fillcolor="<%= role_fill_color(role) %>",label="<%= human_role(role) %>"]
    // ,URL="javascript:set_filter({roles: '<%= role %>'})"
    <% end %>
    <% @roles.each do |role| %>
        <% (@role_hierarchy[role] || []).select {|lower_role| @roles.include?(lower_role)}.each do |lower_role| %>
            "<%= role.inspect %>" -> "<%= lower_role.inspect %>" [arrowhead=empty]
        <% end %>
    <% end %>
  }

  <% unless @users.blank? %>
    <% @users.each do |user| %>
      <% user.role_symbols.select {|role| @roles.include?(role)}.each do |role| %>
    "<%= user.login %>" -> "<%= role.inspect %>" [color="<%= has_changed(:assign_role_to_user, role, user.login) ? '#00dd00' : (has_changed(:remove_role_from_user, role, user.login) ? '#dd0000' : '#000000') %>"]
      <% end %>
    <% end %>
  <% end %>

  <% @contexts.each do |context| %>
    subgraph cluster_<%= context %>  {
      label = "<%= human_context(context) %>"
      style=filled; fillcolor="#eeeeee"
      node[fillcolor=white,style=filled]
      <% (@context_privs[context] || []).each do |priv| %>
      <%= priv %>_<%= context %> [label="<%= human_privilege(priv) %>"<%= ',fontcolor="#ff0000"' if @highlight_privilege == priv %>]
      <% end %>
      <% (@context_privs[context] || []).each do |priv| %>
        <% (@privilege_hierarchy[priv] || []).
                select {|p,c| (c.nil? or c == context) and @context_privs[context].include?(p)}.
                each do |lower_priv, c| %>
      <%= priv %>_<%= context %> -> <%= lower_priv %>_<%= context %> [arrowhead=empty]
        <% end %>
      <% end %>
      //read_conferences -> update_conferences [style=invis]
      //create_conferences -> delete_conferences [style=invis]
    }
  <% end %>

  <% @roles.each do |role| %>
    <% (@role_privs[role] || []).each do |context, privilege, unconditionally, attribute_string| %>
  "<%= role.inspect %>" -> <%=  privilege %>_<%= context %> [color="<%= privilege_color(privilege, context, role) %>", minlen=3<%= ", arrowhead=opendot, URL=\"javascript:\", edgetooltip=\"#{attribute_string.gsub('"','')}\"" unless unconditionally %>]
    <% end %>
  <% end %>
}